You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@storm.apache.org by et...@apache.org on 2020/02/11 03:47:05 UTC
[storm] branch 2.1.x-branch updated: [STORM-3578]
ClientAuthUtils.insertWorkerTokens removed tokens incorrectly
This is an automated email from the ASF dual-hosted git repository.
ethanli pushed a commit to branch 2.1.x-branch
in repository https://gitbox.apache.org/repos/asf/storm.git
The following commit(s) were added to refs/heads/2.1.x-branch by this push:
new 1bd2d6f [STORM-3578] ClientAuthUtils.insertWorkerTokens removed tokens incorrectly
1bd2d6f is described below
commit 1bd2d6fe01f00f078a2ff80c41d315208c30ac7a
Author: Ethan Li <et...@gmail.com>
AuthorDate: Fri Feb 7 11:23:24 2020 -0600
[STORM-3578] ClientAuthUtils.insertWorkerTokens removed tokens incorrectly
---
.../org/apache/storm/security/auth/ClientAuthUtils.java | 14 +++++++++++---
.../org/apache/storm/security/auth/kerberos/AutoTGT.java | 1 +
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/storm-client/src/jvm/org/apache/storm/security/auth/ClientAuthUtils.java b/storm-client/src/jvm/org/apache/storm/security/auth/ClientAuthUtils.java
index 9fb0e4b..2856258 100644
--- a/storm-client/src/jvm/org/apache/storm/security/auth/ClientAuthUtils.java
+++ b/storm-client/src/jvm/org/apache/storm/security/auth/ClientAuthUtils.java
@@ -399,9 +399,17 @@ public class ClientAuthUtils {
Set<Object> creds = subject.getPrivateCredentials();
synchronized (creds) {
WorkerToken previous = findWorkerToken(subject, type);
- creds.add(token);
- if (previous != null) {
- creds.remove(previous);
+ boolean notAlreadyContained = creds.add(token);
+ if (notAlreadyContained) {
+ if (previous != null) {
+ //this means token is not equal to previous so we should remove previous
+ creds.remove(previous);
+ LOG.info("Replaced WorkerToken for service type {}", type);
+ } else {
+ LOG.info("Added new WorkerToken for service type {}", type);
+ }
+ } else {
+ LOG.info("The new WorkerToken for service type {} is the same as the previous token", type);
}
}
}
diff --git a/storm-client/src/jvm/org/apache/storm/security/auth/kerberos/AutoTGT.java b/storm-client/src/jvm/org/apache/storm/security/auth/kerberos/AutoTGT.java
index c4f9f91..ff51ad0 100644
--- a/storm-client/src/jvm/org/apache/storm/security/auth/kerberos/AutoTGT.java
+++ b/storm-client/src/jvm/org/apache/storm/security/auth/kerberos/AutoTGT.java
@@ -173,6 +173,7 @@ public class AutoTGT implements IAutoCredentials, ICredentialsRenewer, IMetricsR
@SuppressWarnings("checkstyle:AbbreviationAsWordInName")
private void populateSubjectWithTGT(Subject subject, Map<String, String> credentials) {
+ LOG.info("Populating TGT from credentials");
KerberosTicket tgt = getTGT(credentials);
if (tgt != null) {
clearCredentials(subject, tgt);